Question on CISSP

I am seeking information.

I have been in networking and involved in network security for 20 years, but I've never taken a security certification exam, with the exception of the SANS GSEC earlier this year. I have found that experience has always carried more weight than the cert. However, there is a job coming up that requires a CISSP and a CISA. If I want to apply I need at least one of the certs. I have the TESTOUT CBT CD's for the CISSP and I was wondering for those who have dedicated themselves to studying and successfully passing the CISSP exam how long did it take?

I could attend a boot camp, for the CISSP, in the very near future and knock this out very quickly.

I would really like to know, for those who have passed the CISSP, how long did it take? I realize the exam covers a pretty broad area. The same information for the CISA would also be helpful.    
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

I haven't taken the test (yet) but most of my colleagues have.  Most have devoted a couple of weeks to get through it, so far as I can tell... at least with the "boot camp" option.  It does cover a very broad scope of material AFAIK, and I don't think you'll have to go so in depth as to pull out a lot of math for cryptanalysis.
jhhaleyAuthor Commented:
LindyMoff: Thanks for the response, you made the following comment:

"Most have devoted a couple of weeks to get through it, so far as I can tell... at least with the "boot camp" option."

Did you mean that they took a couple of weeks to get through it (exam) in conjuction with a boot camp or did they self study?

For All: The boot camp I was considering is sponsored by Has anyone taken training at this location and were you happy with the training? I am looking at Atlanta for the training location.  
Dushan De SilvaTechnology ArchitectCommented:
Yes that 10 Cds are very good. Its covering most of the things in the 10 domains.
For CISSP exam you must know things in One square mile, but only one inche deep knowledge.

You must Read "SHON HARRIS - CISSP Certification Exam Study Guide" --> Exaplins in Very Simple manner. One of my freind got passed from CISSP, only reading this book.

And another my freind(busy freind) got 655/1000 marks (need 700 marks to pass). --> he went through only "CISSP Prep Guide", its covering all the topics in summerized manner.

But I'm Advicing to read "CISSP Official Guide" also.

And if you are very good expereinced in network(security), I don't think, u must attent to the boot camp. But you should read at least above 3 books (at least one book very well). But if you can attent to boot camp, it will good. But i don't have expereince about boot camp.

And If you are planning for boot camp, I'm advicing you to attent official boot camp.

You can check official CISSP web site.
You can register for Official boot camps from ICS2 web site, acording to you location. And you must register for CISSP exam from same site.

And you can see CISSP current member list(including thier CVs).

And you can have online practice exams from, you can select questions acording to the wieght of the questions.(  CISSP questions have weight 1-5)


BR Dushan

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Newly released Acronis True Image 2019

In announcing the release of the 15th Anniversary Edition of Acronis True Image 2019, the company revealed that its artificial intelligence-based anti-ransomware technology – stopped more than 200,000 ransomware attacks on 150,000 customers last year.

Dushan De SilvaTechnology ArchitectCommented:
I don't know about
I'm advicing you to take official Trainig from ISC2.

You can search exmaination date/time/locations from following link.

Results will show exm dates and Official Seminars(Boot camps) date.

These official seminar will help full 5 days. And Seminars are normally scheduling 2-3 weeks before the exam. (Same location exams scheduling.)

BR Dushan
Dushan De SilvaTechnology ArchitectCommented:
After studying, you can check your knowlede/standrad.

You can answer questions acording to domain. Or you can select multiple domains with shift key.

BR Dushan
Yeah, I don't know much about ced... but I think so long as you have the study CDs it would probably be just fine.  When I said 2 weeks I meant a week of self-study followed by a week of boot camp (through ISC2) and then the exam.  It's all subjective though :)
Dushan De SilvaTechnology ArchitectCommented:
yes. If you study hardly, two weeks will enough. But it will depend on you (studying way and frequency of capturing the knowledge) . After studying you can check your standard via  kind of qiuze sites. ;).
But I'm advising to study at least two months. Because it covers hudge area. I mean not deeply one section. Covers most sections overally. So will take time to understand some most of the management concept, because most of the questions are related to decision making, management ..etc . Not much deep technically. But to take those decisions you should know technical term and usage of technology very well (mostly via expereince).

BR Dushan
Jhhaley, I was in a very similar situation a while ago. Broad IT experience of almost 20 years, but no certification.
After looking through all possible certification I choose CISSP because it covers a really broad range of topics, is vendor independent and is highly praised.
Because of my experience I did not want to take a course or follow a boot camp, because of the possibility of lots of overlaps with my own experience. That seamed like wasted time.
Also important for me was passing the first time. I did not want to spend the same time and money again to retake an exam, so I wanted to be very well prepared.
This is what I did:
- Downloaded the study guides form They are free (after registration) and then you'll know what you are up against.
- Bought the following book: "Shon Harris, CISSP All In One Exam Study Guide Third Edition" as my main study guide. It's very clear, easy to follow and the sample questions prepare you very well on the type of questions you will get at the exam.
- Also bought: "The CISSP Prep Guide, Second Edition: Mastering the CISSP and ISSEP™ Exams by Ronald L. Krutz and Russell Dean Vines (Wiley Publishing)" as my secondary study guide. As I did not follow any courses - just self study - I really wanted a second opinion.
- Downloaded the open study guides from , as a third opinion :-)
Then I did a quick run through the Harris' book, just to know what it's all about and where I'm really not up to speed.
After doing that I knew that I would really have to study on security management practices, cryptography and security architectures and models. Because I had the least experience with those.

Then up to studying. I had two months to prepare, while in the same period I had my fulltime job + I was teaching 2003 server courses in the evening twice a week.
Used up all my other spare time in that period. After that I felt ready. I estimate that it took me about 200 hours of intense studying. Your mileage may vary, as I also had the language barrier of English. English is my third language, after Dutch and French. FYI, sometimes I took a side track by looking through the recommended readings which you will find in Harris book.
After studying each chapter of Harris' book I took the test questions at the end of each chapter. I kept score. Studying that first book took about three quarters of my time. Next ones go a lot faster.
After finalizing that book I read Krutz' book - skipping the ISSEP part - and also took the test questions which are in there. And again I kept score. After two test round you will know where you will have to work at. I the used the open study guides. And did a third round of test, this time the full test from the CD included with Harris' book. This test prepares you well for the sheer volume of the exam.
Based on my three scores and which questions I did not pass, I then brushed up on the harder topics.
Also, during the studying I made a lot of notes. The day before the exam, I only ran through my own notes as those contained all information I felt I needed, in a condense form.

I also followed these tips very closely:
It contains sound advice, also for taking the exam itself.

In my opinion, both Harris and Krutz are must reads, but if I had to choose one then I would choose Harris. As a matter of fact I did so. I'm teaching a CISSP course here in Belgium (starting next January) and have chosen Harris' book as the study guide for my students. The course is not a boot camp, as it takes 75 hours (double that of a boot camp) and is spread over 3 months. Because I believe you can only hold your attention for a limited time. And I also make that course more practical by adding ISO 17799 to it, for building a security plan. But that's not a must for passing the exam.
What I'm saying is -  like Dushan - if you can: spread your studying. Don't try to cram it in 2 weeks. And a boot camp alone will certainly not be enough.
If you really have to take it in two weeks, and you have those two weeks completely free, then you might give it a shot. If that's the only time you have, and you are already very experienced, then I would not waste any time on a boot camp. With self study you can adapt much more flexible to your own knowledge.
Also: take enough breaks and have some relaxing time in between.

BTW, I passed first time :-)

Good luck, and I hope to welcome you as a CISSP very soon. The more security knowledge out there, the better. And it's indeed an excellent career advancer.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.